GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+
208 advisories
Filter by severity
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List
Critical
CVE-2022-36599
was published
for
net.mingsoft:ms-mcms
(Maven)
Aug 17, 2022
SQL injection in jflyfox jfinal
Critical
CVE-2022-37223
was published
for
com.jflyfox:jflyfox_jfinal
(Maven)
Aug 24, 2022
SQL injection in jflyfox jfinal
Critical
CVE-2022-37199
was published
for
com.jflyfox:jflyfox_jfinal
(Maven)
Aug 24, 2022
owncast is vulnerable to SQL Injection
Critical
CVE-2022-3751
was published
for
github.com/owncast/owncast
(Go)
Nov 29, 2022
SQL injection in net.mingsoft:ms-mcms
Critical
CVE-2022-23898
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 4, 2022
SQL injection in net.mingsoft:ms-mcms
Critical
CVE-2022-23899
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 4, 2022
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Critical
CVE-2014-125051
was published
for
himiklab/yii2-jqgrid-widget
(Composer)
Jan 6, 2023
Squalor SQL Injection vulnerability
Critical
CVE-2020-36645
was published
for
github.com/square/squalor
(Go)
Jan 7, 2023
Mingsoft MCMS vulnerable to SQL Injection
Critical
CVE-2022-4375
was published
for
net.mingsoft:ms-mcms
(Maven)
Dec 9, 2022
Dataease v1.11.1 SQL Injection via parameter dataSourceId
Critical
CVE-2022-34115
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jul 23, 2022
laravel-jqgrid vulnerable to SQL Injection
Critical
CVE-2021-4262
was published
for
mgallegos/laravel-jqgrid
(Composer)
Dec 19, 2022
SQL Injection in SimpleSAMLphp
Critical
CVE-2019-15537
was published
for
cesnet/simplesamlphp-module-proxystatistics
(Composer)
Nov 8, 2019
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Critical
CVE-2021-28381
was published
for
fluidtypo3/vhs
(Composer)
Mar 29, 2021
SQL Injection in NukeViet
Critical
CVE-2019-7726
was published
for
nukeviet/nukeviet
(Composer)
Jun 22, 2021
SQL injection without credentials in ming-soft MCMS
Critical
CVE-2020-23262
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 9, 2022
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Critical
CVE-2021-21427
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
SQL injection in TYPO3 extension
Critical
CVE-2021-38302
was published
for
ecodev/newsletter
(Composer)
Sep 2, 2021
SQL Injection in topthink/thinkphp
Critical
CVE-2020-20120
was published
for
topthink/thinkphp
(Composer)
Sep 30, 2021
SQL Injection in rosariosis
Critical
CVE-2021-44427
was published
for
francoisjacquet/rosariosis
(Composer)
Dec 2, 2021
MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter
Critical
CVE-2022-28111
was published
for
com.github.pagehelper:pagehelper
(Maven)
May 5, 2022
Jeecg-boot vulnerable to SQL Injection
Critical
CVE-2022-45206
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Nov 25, 2022
Centreon vulnerable to SQL Injection
Critical
CVE-2022-3827
was published
for
centreon/centreon
(Composer)
Nov 2, 2022
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
Critical
CVE-2022-45207
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Nov 25, 2022
phpmyadmin contains SQL Injection vulnerability
Critical
CVE-2020-22452
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API